Merge "Deploy separate glance-api services for OSSN-0090"
This commit is contained in:
commit
d6f9836352
|
@ -93,6 +93,7 @@
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -9,6 +9,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Kernel
|
- OS::TripleO::Services::Kernel
|
||||||
- OS::TripleO::Services::Keystone
|
- OS::TripleO::Services::Keystone
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::MySQL
|
- OS::TripleO::Services::MySQL
|
||||||
- OS::TripleO::Services::MySQLClient
|
- OS::TripleO::Services::MySQLClient
|
||||||
- OS::TripleO::Services::NeutronApi
|
- OS::TripleO::Services::NeutronApi
|
||||||
|
|
|
@ -50,6 +50,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::Etcd: OS::Heat::None
|
OS::TripleO::Services::Etcd: OS::Heat::None
|
||||||
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
|
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
|
||||||
OS::TripleO::Services::GlanceApi: OS::Heat::None
|
OS::TripleO::Services::GlanceApi: OS::Heat::None
|
||||||
|
OS::TripleO::Services::GlanceApiInternal: OS::Heat::None
|
||||||
OS::TripleO::Services::GnocchiApi: OS::Heat::None
|
OS::TripleO::Services::GnocchiApi: OS::Heat::None
|
||||||
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
|
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
|
||||||
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
|
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
|
||||||
|
|
|
@ -36,6 +36,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Keystone
|
- OS::TripleO::Services::Keystone
|
||||||
- OS::TripleO::Services::LoginDefs
|
- OS::TripleO::Services::LoginDefs
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::HeatApi
|
- OS::TripleO::Services::HeatApi
|
||||||
- OS::TripleO::Services::HeatApiCfn
|
- OS::TripleO::Services::HeatApiCfn
|
||||||
- OS::TripleO::Services::HeatEngine
|
- OS::TripleO::Services::HeatEngine
|
||||||
|
|
|
@ -33,6 +33,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Kernel
|
- OS::TripleO::Services::Kernel
|
||||||
- OS::TripleO::Services::Keystone
|
- OS::TripleO::Services::Keystone
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::HeatApi
|
- OS::TripleO::Services::HeatApi
|
||||||
- OS::TripleO::Services::HeatApiCfn
|
- OS::TripleO::Services::HeatApiCfn
|
||||||
- OS::TripleO::Services::HeatEngine
|
- OS::TripleO::Services::HeatEngine
|
||||||
|
|
|
@ -34,6 +34,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Kernel
|
- OS::TripleO::Services::Kernel
|
||||||
- OS::TripleO::Services::Keystone
|
- OS::TripleO::Services::Keystone
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::MySQL
|
- OS::TripleO::Services::MySQL
|
||||||
- OS::TripleO::Services::MySQLClient
|
- OS::TripleO::Services::MySQLClient
|
||||||
- OS::TripleO::Services::NeutronApi
|
- OS::TripleO::Services::NeutronApi
|
||||||
|
|
|
@ -130,12 +130,6 @@ parameters:
|
||||||
type: boolean
|
type: boolean
|
||||||
tags:
|
tags:
|
||||||
- role_specific
|
- role_specific
|
||||||
GlanceShowMultipleLocations:
|
|
||||||
default: false
|
|
||||||
description: |
|
|
||||||
Whether to show multiple image locations e.g for copy-on-write support on
|
|
||||||
RBD or Netapp backends. Potential security risk, see glance.conf for more information.
|
|
||||||
type: boolean
|
|
||||||
# We default import plugins list to 'no_op' (instead of empty list) to discern from the scenario
|
# We default import plugins list to 'no_op' (instead of empty list) to discern from the scenario
|
||||||
# in which the user purposely disabled all plugins setting it to an empty list. This is useful
|
# in which the user purposely disabled all plugins setting it to an empty list. This is useful
|
||||||
# to automatically enable image_conversion plugin only when value is left to the default.
|
# to automatically enable image_conversion plugin only when value is left to the default.
|
||||||
|
@ -368,6 +362,23 @@ parameters:
|
||||||
Use the advanced (eventlet safe) memcached client pool.
|
Use the advanced (eventlet safe) memcached client pool.
|
||||||
default: true
|
default: true
|
||||||
|
|
||||||
|
# DEPRECATED: the following options are deprecated and are currently maintained
|
||||||
|
# for backwards compatibility. They will be removed in future release.
|
||||||
|
GlanceShowMultipleLocations:
|
||||||
|
default: false
|
||||||
|
description: |
|
||||||
|
Whether to show multiple image locations e.g for copy-on-write support on
|
||||||
|
RBD or Netapp backends. Potential security risk, see glance.conf for more information.
|
||||||
|
type: boolean
|
||||||
|
|
||||||
|
parameter_groups:
|
||||||
|
- label: deprecated
|
||||||
|
description: |
|
||||||
|
The following parameters are deprecated and will be removed. They should not
|
||||||
|
be relied on for new deployments.
|
||||||
|
parameters:
|
||||||
|
- GlanceShowMultipleLocations
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
cinder_backend_enabled:
|
cinder_backend_enabled:
|
||||||
or:
|
or:
|
||||||
|
@ -494,7 +505,6 @@ outputs:
|
||||||
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||||
read_default_group: tripleo
|
read_default_group: tripleo
|
||||||
|
|
||||||
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
|
||||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||||
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||||
glance::api::enable_v1_api: false
|
glance::api::enable_v1_api: false
|
||||||
|
@ -518,8 +528,6 @@ outputs:
|
||||||
- {get_param: GlanceCacheEnabled}
|
- {get_param: GlanceCacheEnabled}
|
||||||
- 'keystone+cachemanagement'
|
- 'keystone+cachemanagement'
|
||||||
- 'keystone'
|
- 'keystone'
|
||||||
glance::api::show_image_direct_url: true
|
|
||||||
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
|
|
||||||
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
|
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
|
||||||
glance::api::enabled_import_methods: {get_param: GlanceEnabledImportMethods}
|
glance::api::enabled_import_methods: {get_param: GlanceEnabledImportMethods}
|
||||||
glance::api::node_staging_uri: {get_param: GlanceNodeStagingUri}
|
glance::api::node_staging_uri: {get_param: GlanceNodeStagingUri}
|
||||||
|
@ -552,8 +560,11 @@ outputs:
|
||||||
"%{lookup('fqdn_$NETWORK')}"
|
"%{lookup('fqdn_$NETWORK')}"
|
||||||
params:
|
params:
|
||||||
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
||||||
tripleo::profile::base::glance::api::tls_proxy_port:
|
# Use glance's native port (9292) for tls proxying. The value is
|
||||||
get_param: [EndpointMap, GlanceInternal, port]
|
# hardcoded because the ports in the endpoint map are different (the
|
||||||
|
# public endpoint uses port 13292, and the internal and admin endpoints
|
||||||
|
# use port 9293).
|
||||||
|
tripleo::profile::base::glance::api::tls_proxy_port: 9292
|
||||||
# Bind to localhost if internal TLS is enabled, since we put a TLs
|
# Bind to localhost if internal TLS is enabled, since we put a TLs
|
||||||
# proxy in front.
|
# proxy in front.
|
||||||
glance::api::bind_host:
|
glance::api::bind_host:
|
||||||
|
|
|
@ -36,21 +36,17 @@ parameters:
|
||||||
List of enabled Image Import Methods. Valid values in the list are
|
List of enabled Image Import Methods. Valid values in the list are
|
||||||
'glance-direct', 'web-download', or 'copy-image'
|
'glance-direct', 'web-download', or 'copy-image'
|
||||||
type: comma_delimited_list
|
type: comma_delimited_list
|
||||||
EnableGlanceApiProxy:
|
|
||||||
default: true
|
|
||||||
description: Configure haproxy to forward glance-api requests to glance-api
|
|
||||||
services running at the edge site.
|
|
||||||
type: boolean
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
GlanceApiBase:
|
GlanceApiInternal:
|
||||||
type: ./glance-api-container-puppet.yaml
|
type: ./glance-api-internal-container-puppet.yaml
|
||||||
properties:
|
properties:
|
||||||
ServiceData: {get_param: ServiceData}
|
ServiceData: {get_param: ServiceData}
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
EndpointMap: {get_param: EndpointMap}
|
EndpointMap: {get_param: EndpointMap}
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
glance_api_edge_uri:
|
glance_api_edge_uri:
|
||||||
|
@ -60,39 +56,33 @@ outputs:
|
||||||
- {get_param: EnableInternalTLS}
|
- {get_param: EnableInternalTLS}
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"https://%{lookup('fqdn_NETWORK')}:9292"
|
"https://%{lookup('fqdn_NETWORK')}:PORT"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
||||||
|
PORT: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"http://%{lookup('NETWORK_uri')}:9292"
|
"http://%{lookup('NETWORK_uri')}:PORT"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
||||||
|
PORT: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
|
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Glance API role for DCN/Edge.
|
description: Role data for the Glance API role for DCN/Edge.
|
||||||
value:
|
value:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [GlanceApiBase, role_data]
|
- get_attr: [GlanceApiInternal, role_data]
|
||||||
- service_name: glance_api_edge
|
- service_name: glance_api_edge
|
||||||
firewall_edge_frontend_rules:
|
|
||||||
if:
|
|
||||||
- {get_param: EnableGlanceApiProxy}
|
|
||||||
- {get_attr: [GlanceApiBase, role_data, firewall_frontend_rules]}
|
|
||||||
firewall_edge_ssl_frontend_rules:
|
|
||||||
if:
|
|
||||||
- {get_param: EnableGlanceApiProxy}
|
|
||||||
- {get_attr: [GlanceApiBase, role_data, firewall_ssl_frontend_rules]}
|
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [GlanceApiBase, role_data, service_config_settings]
|
- get_attr: [GlanceApiInternal, role_data, service_config_settings]
|
||||||
- cinder_volume:
|
- cinder_volume:
|
||||||
cinder::glance::glance_api_servers: *glance_api_edge_uri
|
cinder::glance::glance_api_servers: *glance_api_edge_uri
|
||||||
nova_compute:
|
nova_compute:
|
||||||
nova::glance::endpoint_override: *glance_api_edge_uri
|
nova::glance::endpoint_override: *glance_api_edge_uri
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [GlanceApiBase, role_data, config_settings]
|
- get_attr: [GlanceApiInternal, role_data, config_settings]
|
||||||
- if:
|
- if:
|
||||||
- contains: ['glance-direct', {get_param: GlanceEnabledImportMethods}]
|
- contains: ['glance-direct', {get_param: GlanceEnabledImportMethods}]
|
||||||
- glance::api::worker_self_reference_url: *glance_api_edge_uri
|
- glance::api::worker_self_reference_url: *glance_api_edge_uri
|
||||||
|
|
|
@ -0,0 +1,183 @@
|
||||||
|
heat_template_version: wallaby
|
||||||
|
|
||||||
|
description: >
|
||||||
|
OpenStack Glance internal service configured with Puppet
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
ServiceData:
|
||||||
|
default: {}
|
||||||
|
description: Dictionary packing service data
|
||||||
|
type: json
|
||||||
|
ServiceNetMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service_name -> network name. Typically set
|
||||||
|
via parameter_defaults in the resource registry. Use
|
||||||
|
parameter_merge_strategies to merge it with the defaults.
|
||||||
|
type: json
|
||||||
|
RoleName:
|
||||||
|
default: ''
|
||||||
|
description: Role name on which the service is applied
|
||||||
|
type: string
|
||||||
|
RoleParameters:
|
||||||
|
default: {}
|
||||||
|
description: Parameters specific to the role
|
||||||
|
type: json
|
||||||
|
EndpointMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
|
via parameter_defaults in the resource registry.
|
||||||
|
type: json
|
||||||
|
GlanceApiInternalLoggingSource:
|
||||||
|
type: json
|
||||||
|
default:
|
||||||
|
tag: openstack.glance.api
|
||||||
|
file: /var/log/containers/glance/api_internal.log
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
GlanceNetappNfsEnabled:
|
||||||
|
default: false
|
||||||
|
description: >
|
||||||
|
When using GlanceBackend 'file', Netapp mount NFS share for image storage.
|
||||||
|
type: boolean
|
||||||
|
ContainerGlanceApiImage:
|
||||||
|
description: image
|
||||||
|
type: string
|
||||||
|
tags:
|
||||||
|
- role_specific
|
||||||
|
ContainerGlanceApiInternalConfigImage:
|
||||||
|
description: The container image to use for the glance_api_internal config_volume
|
||||||
|
type: string
|
||||||
|
tags:
|
||||||
|
- role_specific
|
||||||
|
resources:
|
||||||
|
GlanceApi:
|
||||||
|
type: ./glance-api-container-puppet.yaml
|
||||||
|
properties:
|
||||||
|
ServiceData: {get_param: ServiceData}
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||||
|
|
||||||
|
MySQLClient:
|
||||||
|
type: ../database/mysql-client.yaml
|
||||||
|
|
||||||
|
GlanceLogging:
|
||||||
|
type: OS::TripleO::Services::Logging::GlanceApi
|
||||||
|
|
||||||
|
RoleParametersValue:
|
||||||
|
type: OS::Heat::Value
|
||||||
|
properties:
|
||||||
|
type: json
|
||||||
|
value:
|
||||||
|
map_replace:
|
||||||
|
- map_replace:
|
||||||
|
- ContainerGlanceApiImage: ContainerGlanceApiImage
|
||||||
|
ContainerGlanceApiInternalConfigImage: ContainerGlanceApiInternalConfigImage
|
||||||
|
- values: {get_param: [RoleParameters]}
|
||||||
|
- values:
|
||||||
|
ContainerGlanceApiImage: {get_param: ContainerGlanceApiImage}
|
||||||
|
ContainerGlanceApiInternalConfigImage: {get_param: ContainerGlanceApiInternalConfigImage}
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
role_data:
|
||||||
|
description: Role data for the internal Glance API.
|
||||||
|
value:
|
||||||
|
map_merge:
|
||||||
|
- get_attr: [GlanceApi, role_data]
|
||||||
|
- service_name: glance_api_internal
|
||||||
|
firewall_rules:
|
||||||
|
'112 glance_api_internal':
|
||||||
|
dport:
|
||||||
|
- {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
|
firewall_frontend_rules:
|
||||||
|
'100 glance_api_internal_haproxy_frontend':
|
||||||
|
dport:
|
||||||
|
- {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
|
|
||||||
|
# GlanceApi creates the keystone resources
|
||||||
|
keystone_resources: {}
|
||||||
|
|
||||||
|
config_settings: {get_attr: [GlanceApi, role_data, config_settings]}
|
||||||
|
|
||||||
|
service_config_settings:
|
||||||
|
map_merge:
|
||||||
|
- get_attr: [GlanceApi, role_data, service_config_settings]
|
||||||
|
- rsyslog:
|
||||||
|
tripleo_logging_sources_glance_api_internal:
|
||||||
|
- {get_param: GlanceApiInternalLoggingSource}
|
||||||
|
|
||||||
|
puppet_config:
|
||||||
|
config_volume: glance_api_internal
|
||||||
|
puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config,glance_image_import_config
|
||||||
|
step_config:
|
||||||
|
list_join:
|
||||||
|
- "\n"
|
||||||
|
- -
|
||||||
|
str_replace:
|
||||||
|
template: |
|
||||||
|
class { 'tripleo::profile::base::glance::api':
|
||||||
|
bind_port => PORT,
|
||||||
|
tls_proxy_port => PORT,
|
||||||
|
log_file => '/var/log/glance/api_internal.log',
|
||||||
|
show_image_direct_url => true,
|
||||||
|
show_multiple_locations => true,
|
||||||
|
}
|
||||||
|
params:
|
||||||
|
PORT: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
|
- if:
|
||||||
|
- {get_param: GlanceNetappNfsEnabled}
|
||||||
|
- include tripleo::profile::base::glance::netapp
|
||||||
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||||
|
config_image: {get_attr: [RoleParametersValue, value, ContainerGlanceApiInternalConfigImage]}
|
||||||
|
|
||||||
|
kolla_config:
|
||||||
|
# The kolla_config are essentially the same as the GlanceApi service.
|
||||||
|
# The only difference is the json file names.
|
||||||
|
/var/lib/kolla/config_files/glance_api_internal.json:
|
||||||
|
{get_attr: [GlanceApi, role_data, kolla_config, /var/lib/kolla/config_files/glance_api.json]}
|
||||||
|
/var/lib/kolla/config_files/glance_api_internal_tls_proxy.json:
|
||||||
|
{get_attr: [GlanceApi, role_data, kolla_config, /var/lib/kolla/config_files/glance_api_tls_proxy.json]}
|
||||||
|
|
||||||
|
docker_config:
|
||||||
|
step_2:
|
||||||
|
get_attr: [GlanceLogging, docker_config, step_2]
|
||||||
|
step_4:
|
||||||
|
# The internal services share the same GlanceApi docker configs,
|
||||||
|
# except we swap in the internal service's config_volume.
|
||||||
|
glance_api_internal:
|
||||||
|
map_merge:
|
||||||
|
- get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api]
|
||||||
|
- volumes:
|
||||||
|
yaql:
|
||||||
|
expression: $.data.vols.select($.replace('puppet-generated/glance_api', 'puppet-generated/glance_api_internal'))
|
||||||
|
data:
|
||||||
|
vols: {get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api, volumes]}
|
||||||
|
glance_api_internal_tls_proxy:
|
||||||
|
if:
|
||||||
|
- {get_param: EnableInternalTLS}
|
||||||
|
- map_merge:
|
||||||
|
- get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api_tls_proxy]
|
||||||
|
- volumes:
|
||||||
|
yaql:
|
||||||
|
expression: $.data.vols.select($.replace('puppet-generated/glance_api', 'puppet-generated/glance_api_internal'))
|
||||||
|
data:
|
||||||
|
vols: {get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api_tls_proxy, volumes]}
|
||||||
|
|
||||||
|
external_upgrade_tasks:
|
||||||
|
- when:
|
||||||
|
- step|int == 1
|
||||||
|
tags:
|
||||||
|
- never
|
||||||
|
- system_upgrade_transfer_data
|
||||||
|
- system_upgrade_stop_services
|
||||||
|
block:
|
||||||
|
- name: Stop glance api internal container
|
||||||
|
import_role:
|
||||||
|
name: tripleo_container_stop
|
||||||
|
vars:
|
||||||
|
tripleo_containers_to_stop:
|
||||||
|
- glance_api_internal
|
||||||
|
tripleo_delegate_to: "{{ groups['glance_api_internal'] | default([]) }}"
|
|
@ -45,6 +45,7 @@ resources:
|
||||||
EndpointMap: {get_param: EndpointMap}
|
EndpointMap: {get_param: EndpointMap}
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
glance_api_edge_uri:
|
glance_api_edge_uri:
|
||||||
|
@ -54,14 +55,16 @@ outputs:
|
||||||
- {get_param: EnableInternalTLS}
|
- {get_param: EnableInternalTLS}
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"https://%{lookup('fqdn_NETWORK')}:9292"
|
"https://%{lookup('fqdn_NETWORK')}:PORT"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
||||||
|
PORT: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"http://%{lookup('NETWORK_uri')}:9292"
|
"http://%{lookup('NETWORK_uri')}:PORT"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
||||||
|
PORT: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||||
|
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the HAproxy role for DCN/Edge.
|
description: Role data for the HAproxy role for DCN/Edge.
|
||||||
|
@ -85,18 +88,19 @@ outputs:
|
||||||
tripleo::haproxy::designate: false
|
tripleo::haproxy::designate: false
|
||||||
tripleo::haproxy::docker_registry: false
|
tripleo::haproxy::docker_registry: false
|
||||||
tripleo::haproxy::etcd: false
|
tripleo::haproxy::etcd: false
|
||||||
|
tripleo::haproxy::glance_api: false
|
||||||
- if:
|
- if:
|
||||||
- {get_param: EnableGlanceApiProxy}
|
- {get_param: EnableGlanceApiProxy}
|
||||||
- tripleo::haproxy::glance_api: true
|
- tripleo::haproxy::glance_api_internal: true
|
||||||
glance_api_vip:
|
glance_api_vip:
|
||||||
str_replace:
|
str_replace:
|
||||||
template:
|
template:
|
||||||
"%{lookup('NETWORK')}"
|
"%{lookup('NETWORK')}"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
|
||||||
glance_api_node_ips: "%{alias('glance_api_edge_node_ips')}"
|
glance_api_internal_node_ips: "%{alias('glance_api_edge_node_ips')}"
|
||||||
glance_api_node_names: "%{alias('glance_api_edge_node_names')}"
|
glance_api_internal_node_names: "%{alias('glance_api_edge_node_names')}"
|
||||||
- tripleo::haproxy::glance_api: false
|
- tripleo::haproxy::glance_api_internal: false
|
||||||
- tripleo::haproxy::gnocchi: false
|
- tripleo::haproxy::gnocchi: false
|
||||||
tripleo::haproxy::heat_api: false
|
tripleo::haproxy::heat_api: false
|
||||||
tripleo::haproxy::heat_cfn: false
|
tripleo::haproxy::heat_cfn: false
|
||||||
|
|
|
@ -234,6 +234,7 @@ outputs:
|
||||||
nova::network::neutron::password: {get_param: NeutronPassword}
|
nova::network::neutron::password: {get_param: NeutronPassword}
|
||||||
nova::network::neutron::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
nova::network::neutron::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||||
nova::network::neutron::valid_interfaces: 'internal'
|
nova::network::neutron::valid_interfaces: 'internal'
|
||||||
|
nova::glance::valid_interfaces: 'internal'
|
||||||
nova::rabbit_heartbeat_timeout_threshold: 60
|
nova::rabbit_heartbeat_timeout_threshold: 60
|
||||||
nova::cinder::catalog_info: 'volumev3:cinderv3:internalURL'
|
nova::cinder::catalog_info: 'volumev3:cinderv3:internalURL'
|
||||||
nova::cinder::os_region_name: {get_param: KeystoneRegion}
|
nova::cinder::os_region_name: {get_param: KeystoneRegion}
|
||||||
|
|
|
@ -31,8 +31,8 @@ parameter_defaults:
|
||||||
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
|
||||||
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
|
||||||
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
|
||||||
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
GlanceAdmin: {protocol: 'https', port: '9293', host: 'CLOUDNAME'}
|
||||||
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
GlanceInternal: {protocol: 'https', port: '9293', host: 'CLOUDNAME'}
|
||||||
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||||
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
|
|
|
@ -115,6 +115,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml
|
OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml
|
||||||
OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml
|
OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml
|
||||||
OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml
|
OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml
|
||||||
|
OS::TripleO::Services::GlanceApiInternal: deployment/glance/glance-api-internal-container-puppet.yaml
|
||||||
OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml
|
OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml
|
||||||
OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml
|
OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml
|
||||||
OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml
|
OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml
|
||||||
|
@ -354,6 +355,7 @@ parameter_defaults:
|
||||||
CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
|
CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
|
||||||
GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
|
GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
|
||||||
GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
|
GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
|
||||||
|
GlanceApiEdgeInternalNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
|
||||||
IronicApiNetwork: ctlplane
|
IronicApiNetwork: ctlplane
|
||||||
IronicNetwork: ctlplane
|
IronicNetwork: ctlplane
|
||||||
IronicInspectorNetwork: ctlplane
|
IronicInspectorNetwork: ctlplane
|
||||||
|
@ -445,8 +447,8 @@ parameter_defaults:
|
||||||
DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS}
|
DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS}
|
||||||
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
|
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
|
||||||
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
|
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
|
||||||
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
|
GlanceAdmin: {protocol: http, port: '9293', host: IP_ADDRESS}
|
||||||
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
|
GlanceInternal: {protocol: http, port: '9293', host: IP_ADDRESS}
|
||||||
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
|
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
|
||||||
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
|
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
|
||||||
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
|
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Two instances of the glance-api service are now deployed per the
|
||||||
|
recommendations outlined in `OSSN-0090 <https://wiki.openstack.org/wiki/OSSN/OSSN-0090>`_.
|
||||||
|
The user facing service does not provide access to image location data,
|
||||||
|
whereas a new internal glance-api service provides location data to
|
||||||
|
administrators and services that need it (e.g. cinder and nova), and is
|
||||||
|
accessible via the admin and internal keystone endpoints.
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
A new OS::TripleO::Services::GlanceApiInternal service is introduced to
|
||||||
|
handle deploying the internal instance of the glance-api service. When
|
||||||
|
upgrading an overcloud deployed with a custom roles file, the new
|
||||||
|
GlanceApiInternal service must be added to every role that includes the
|
||||||
|
GlanceApi service. Roles that include the GlanceApiEdge service should not
|
||||||
|
include the new GlanceApiInternal service.
|
||||||
|
|
||||||
|
Deployment of the new internal glance-api service is generally transparent,
|
||||||
|
and includes updating glance's endpoints in the keystone catalog.
|
||||||
|
In a Distributed Compute Node (DCN) deployment, the control plane and
|
||||||
|
all DCN sites need to be updated in order to fully deploy the new internal
|
||||||
|
glance-api service.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The GlanceShowMultipleLocations parameter is deprecated.
|
|
@ -92,6 +92,7 @@
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -63,6 +63,7 @@
|
||||||
- OS::TripleO::Services::IpaClient
|
- OS::TripleO::Services::IpaClient
|
||||||
- OS::TripleO::Services::Ipsec
|
- OS::TripleO::Services::Ipsec
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -80,6 +80,7 @@
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -82,6 +82,7 @@
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -69,6 +69,7 @@
|
||||||
- OS::TripleO::Services::IpaClient
|
- OS::TripleO::Services::IpaClient
|
||||||
- OS::TripleO::Services::Ipsec
|
- OS::TripleO::Services::Ipsec
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -89,6 +89,7 @@
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -91,6 +91,7 @@
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -91,6 +91,7 @@
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -90,6 +90,7 @@
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -95,6 +95,7 @@
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -93,6 +93,7 @@
|
||||||
- OS::TripleO::Services::ExternalSwiftProxy
|
- OS::TripleO::Services::ExternalSwiftProxy
|
||||||
- OS::TripleO::Services::Frr
|
- OS::TripleO::Services::Frr
|
||||||
- OS::TripleO::Services::GlanceApi
|
- OS::TripleO::Services::GlanceApi
|
||||||
|
- OS::TripleO::Services::GlanceApiInternal
|
||||||
- OS::TripleO::Services::GnocchiApi
|
- OS::TripleO::Services::GnocchiApi
|
||||||
- OS::TripleO::Services::GnocchiMetricd
|
- OS::TripleO::Services::GnocchiMetricd
|
||||||
- OS::TripleO::Services::GnocchiStatsd
|
- OS::TripleO::Services::GnocchiStatsd
|
||||||
|
|
|
@ -232,8 +232,8 @@ environments:
|
||||||
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
|
DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
|
||||||
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
|
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
|
||||||
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
|
GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'}
|
||||||
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
GlanceAdmin: {protocol: 'https', port: '9293', host: 'CLOUDNAME'}
|
||||||
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
|
GlanceInternal: {protocol: 'https', port: '9293', host: 'CLOUDNAME'}
|
||||||
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
|
||||||
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
|
||||||
|
|
Loading…
Reference in New Issue